Ability to ping redundant interface IP address

Hi,
I have this setup for our content switches.
Primary F/W --> Primary CSS --> Local Switches
| |
| |
Secondary F/W --> Secondary CSS --> Local Switches
This is the relevant configuration.
Primary CSS
circuit VLAN4
ip address 192.168.76.4 255.255.255.0
ip virtual-router 4 priority 101 preempt
ip redundant-interface 4 192.168.76.254
Secondary CSS
circuit VLAN4
ip address 192.168.76.5 255.255.255.0
ip virtual-router 4 priority 90
ip redundant-interface 4 192.168.76.254
The problem is that the Secondary F/W can not ping the redundant interface IP address via the secondary path when all devices are in normal mode.
Is this normal?
The ping is occurring for firewall failover checking.
Thanks,
Ben

It should work.
Your diagram does not display very well, so I don't know where the | links are.
What should be the path of traffic from the secondary firewall to the redundant-interface?
Is the traffic going to 1 CSS and being bridged to the 2nd CSS?
If that's the case, you need the command 'ip uncond-bridging' on both CSS to force the CSS to bridge first and then route.
Regards,
Gilles.

Similar Messages

  • CSS redundant interface and DNS server

    We're attempting to implement a pair of CSS's using redundant ASR and GSLB where the CSS's act as DNS servers.
    But I'm not sure if the 2 features are compatible. The CSS's answer DNS queries to their direct interface but not the redundant interface.
    Does anyone have any suggestions or work-arounds? We're running version 8.20.
    TIA,
    Dan

    Dan, doing some research I can see that the option to configure redundant-interface to resolve dns queries is not included on the CSS 11500 series, this from the documentation.
    On the document for CSS 11000 series that I provided before shows:
    Configuration Requirements and Restrictions
    The following requirements and restrictions apply to the configuration of this feature.
    •You can configure this feature only on Cisco 11000 series CSSs (not 11500)
    If I look at the redundant-interface configuration on old CSS 11000 series I see the option for dns:
    http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/css11000series/v6.10/configuration/advanced/guide/VIPRedun.html#wp1067528
    Look at this line:
    dns-server - Keyword that enables the CSS to respond to DNS queries destined for the redundant interface IP address. For more information, see the "Configuring a Redundant Virtual Interface to Respond to DNS Requests" section.
    On new CSS 11500 series this option is not available:
    http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/css11500series/v8.20_v8.10/configuration/redundancy/guide/VIPRedun.html#wp1067528
    I am trying to find if there is any workaround, but so far it seems that it is expected for this feature to be missing on the CSS11500.

  • CSS redundant-interface ping response

    Hi,
    I just want to ask a simple question:
    Should the css11151 respond to ping requests made to a redundant-interface?
    If yes, what can be the reason for the redundant interface not responding to ping requests?
    Thanks in advance,
    Regards,
    LR

    Hi,
    Did you ever find a solution to the issue?
    I have an 11503 and I have the same problem: I cannot ping the redundant-interface address from the directly connected switch.
    It works for the first few seconds when the CSS reboots or the interface bounces, then stops.
    Any ideas?
    Thanks

  • Why do we configure the Redundant Interface in CSS Public Face

    Hi,
    I have a question: why do we configure the redundant interface in a CSS facing the public side of a CSS?
    I understand the need for the interface on the server side though. Please refer to the URL below:
    http://www.cisco.com/univercd/cc/td/doc/product/webscale/css/css_810/redundgd/vipredun.htm#wp1063393

    This is not a requirement if your vips belong to the public vlan subnet.
    But if your vip addresses are from a different subnet, then the upstream router needs a route pointing to the CSS redundant interface IP.
    Gilles.

  • Server Loses Ability to Ping to the Internet

    Hello,
    I have a new physical HP server running Server 2008 R2 with Whats Up Gold. Recently, the server started developing an issue roughly every 48 hours where it cannot ping or use ICMP to the internet. The ability to ping to the internet returns roughly two hours later after the start of the symptoms or if I perform a reboot. We know this because we have some stuff we monitor over the internet. It has been in production since November and started this behavior in early January for some reason. Nothing has changed to my knowledge that would cause this issue. It doesn't lose the ability to use ICMP internally, just going out to the internet. The local firewall is off and IPv6 is not disabled. I have seen this happen live and have been able to troubleshoot with our network engineers. They are supposedly not seeing any denials of traffic on their firewalls or load balancers.
    So far I have:
    1. Changed cabling and switch ports with no luck
    2. Worked with HP to replace the NIC card itself and make sure drivers, BIOS, and firmware are updated
    3. Rebuilt the TCP/IP stack on the local server
    4. Taken the server out of production, changed the network segment and local IP (to confirm the problem actually isn't a network firewall issue), and the server still isn't able to ping to the internet.
    The discovery of #4 leads me to believe it is the server itself. Like I said in the above paragraph, the server's ability returns usually within two hours or immediately after a reboot.
    I am on the verge of either rebuilding or demanding HP replace the server. The server is fully up to date on patches and drivers. I just really haven't seen behavior like this that didn't involve changing out the NIC. I am not sure if changing the system board would do anything per se. I just want to know what else I could be missing?

    Hi,
    In order to diagnose the issue, I think we need to confirm some more information.
    Did you ping by IP address or domain name?
    Run pathping, check the result and post here.
    Could you share ipconfig /all with us?
    Thank you.

  • Reg. Redundant interfaces in ASA 8.0

    Hi
    In ASA 8.0, I have the following queries related to redundant interfaces:
    a) While configuring a redundant interface, can the redundant interface again be divided into logical interfaces like red1.1, red1.2?
    b) Is the redundant interface supported in multiple context mode?
    Regards
    Ankur

    Yes Ankur, it is possible.
    ##snippet##
    interface Ethernet0/0
     shutdown
     no nameif
     no security-level
     no ip address
    interface Ethernet0/1
     speed 100
     nameif inside
     security-level 100
     ip address 192.168.16.19 255.255.255.128
     ospf network point-to-point non-broadcast
     ospf message-digest-key 123 md5
    interface Ethernet0/2
     shutdown
     no nameif
     no security-level
     no ip address
    interface Ethernet0/3
     nameif null0
     security-level 50
     ip address 10.2.1.1 255.255.255.0
    interface Management0/0
     no nameif
     security-level 0
     no ip address
    interface Redundant1
     member-interface Ethernet0/0
     member-interface Ethernet0/2
     no nameif
     no security-level
     no ip address
    interface Redundant1.1
     vlan 32
     no nameif
     no security-level
     ip address 1.1.1.8 255.0.0.0
    Regards,
    Sushil

  • Wireless lan Controller 4402 / ping dynamic interface failed

    Hi,
    I have a problem with a Wireless LAN Controller 4402.
    When I configure the dynamic interface on my network, with the wired LAN I can't reach (I use the ping command) the IP address of the WLC.
    In my case (wired):
    On my PC I have IP 10.1.78.1 255.255.0.0 and dgw 10.1.1.1 (vlan721)
    The LAN WLC has a management IP of 10.12.2.4 /24 (vlan799) [dgw 10.12.2.1]
    dynamic vlan 792 ip add 10.12.78.100 / 22 (vlan792) [dgw 10.12.68.1]
    I ping these interfaces (10.12.2.4 and 10.12.78.100) and the ping is OK.
    When I create a dynamic interface on vlan 721, the problem starts:
    dynamic vlan 791 ip address 10.1.1.240 / 16 (vlan721)
    After this, pings to 10.12.2.4 and 10.12.78.100 don't respond very well and I lose 80-90% of the ping packets.
    Through the Wi-Fi, however, I do not have problems.
    The problem exists only via wired (cable).
    Can you help me?
    Thanks
    FCostalunga

    Hello,
    Pinging the dynamic interface is officially not supported. The reason why is because the controller places a very low priority on ICMP traffic. Typically, you will not have an issue with doing so on your wireless network because this interface is basically a gateway for the client. However, from the wired network - the only interface designed to respond to pings 100% of the time is the management interface. Hope this helps!
    -Mark

  • Virtual Interface IP address

    Hi,
    In all Cisco documentation 1.1.1.1 is always specified as Virtual Interface IP address.
    Here is my concern. When wireless client gets an IP address (through DHCP), 1.1.1.1 is entered as DHCP server which means that at 50% lease time client will attempt DHCP Request to 1.1.1.1
    1.1.1.1 is not routable on the wired network, but controller makes sure that it is accessible on the wireless network.
    The problem is if you have both wired and wireless connected, the default gateway through the wired connection will have less cost, so the client will attempt to send traffic to 1.1.1.1 using the wired interface and will obviously fail.
    At 83.5% of lease time client will attempt full DHCP process starting from Discovery and I guess this is when the IP on wireless NIC will be renewed, cause those Discovery messages are to 0.0.0.0....
    Is my understanding correct?
    Thanks!
    David

    Hi,
    With both wired and wireless active at the same time (when the laptop is docked, for example), the DHCP Request to 1.1.1.1 will fail because it will be sent using the wired interface and not the wireless one (default route metric in the host's routing table). This will cause this DHCP Request to fail at 50% lease time.
    Next step is DHCP Discover at 83.5% of lease time. Destination IP will be 255.255.255.255 and it will be generated specifically on the wireless interface, since this is the interface that needs to renew the IP.
    This is exactly my question. Will this Discover to 255.255.255.255 go through the wireless interface, because this is the interface that needs its IP address renewed? If so, I assume it will succeed and the client's IP address will be renewed.
    A bit worse than renewing at 50% lease time as in a normal DHCP process, but better than losing the IP altogether when 100% lease time hits. 83.5% is somewhere in between...
    Comments?
    Can you also advise how do you disable DHCP Relay function on the controller? Do you need to remove DHCP IP addresses in WLAN configs?
    Another question is about needing WLAN for Management interface. Is it needed for any reason? WLANs are always documented to be bound to Dynamic Interfaces and not Management, however Management interface does appear in the drop down menu under WLAN configuration. Thoughts?
    Thanks!
    David

  • Redundancy Interface for Content Server Release 6.x

    Third-generation Content Server is UCS C220 (Not Vmware).
    I see from the TCS Release 6.x Quick Start that LAN2 cannot be used.
    I'm not sure how to connect LAN for a redundancy interface or not, because it has many NIC cards.
    Dual 1-Gb Ethernet ports:
    LAN1 (Arrow 7, left pointer)— Use this port to connect the Content Server to the network (also see Figure 3)
    LAN2 (Arrow 7, right pointer)— Not used

    Hi,
    The TCS server supports only a single NIC in a deployment. That particular NIC value is used to generate the checksum, which needs to be passed along with the release keys to bring up the content engine. That is the reason why, if you connect any other NIC to the network, the content engine will not start.
    Also, when the release keys are generated on the license server, it uses the NIC with the lowest value (always the first NIC on the server).
    I know it's a complete waste to have so many NICs and use only one. But what can I say, that's the way Cisco designed the server!
    Regards,
    -Deepti

  • Secondary Interface IP Address not configured

    Hello,
    I have a custom A4 Linux based instance with multiple NICs.  All of the secondary interfaces are configured using the following lines:
    PS C:\> Add-AzureNetworkInterfaceConfig -Name "Eth1" -SubnetName "Subnet-1" -StaticVNetIPAddress "10.1.2.106" -VM $newVM
    PS C:\> Add-AzureNetworkInterfaceConfig -Name "Eth2" -SubnetName "Subnet-2" -StaticVNetIPAddress "10.1.3.106" -VM $newVM
    The instance comes up with the interfaces, but the IP addresses are not configured on it and one has to physically log in to the machine and then assign the IP addresses to the secondary interfaces, restart networking and then everything works.
    Can anyone provide some insight into this?
    Thanks.

    Hi Ajit,
    Please be advised that the Secondary Interface IP Address is not automatically configured in VM instances using CentOS 6.5. The IP addresses for the interfaces will have to be manually configured.
    However, if you use CentOS 7, the IP addresses are configured automatically in it.
    Hope this helps.
    Regards,
    Malar.

  • Setting network interface IP address

    Hello everyone,
    Is it possible to change a network interface IP address (e.g. set my local area connection IP) purely in Java, or should JNI be used?
    Thanks in advance.

    I doubt there is a single, cross-platform way in purely Java, but short of using JNI you could probably use something like Runtime.exec() (assuming your user has proper permissions) and a corresponding command-line utility (like ifconfig on Unix/Linux, ipconfig on Windows).
    Edit: From a brief look, it looks like ipconfig won't do the equivalent on Windows as ifconfig will do.
    Edited by: endasil on 16-Sep-2009 3:37 PM
    Edit: Looks like the netsh command on Windows does some of those things:
    netsh interface ip set address local static 123.123.123.123 255.255.255.0
    Source: Wikipedia: netsh (http://en.wikipedia.org/wiki/Netsh)
    Edited by: endasil on 16-Sep-2009 3:39 PM
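
The Runtime.exec()/netsh approach from the answer above, as an added example that is not part of the original thread: it validates the address and mask and passes netsh an argument vector through ProcessBuilder (no shell), so untrusted input cannot add extra commands. The class name, the `--apply` switch, the interface name and the 192.0.2.10 address are constructed for illustration; changing an address also requires an elevated process on Windows.

```java
import java.util.List;

public class SetStaticAddress {

    // Parse a strict dotted-quad IPv4 literal into a 32-bit value; reject anything else.
    static long parseIpv4(String s) {
        String[] parts = s.split("\\.", -1);
        if (parts.length != 4) throw new IllegalArgumentException("not a dotted quad: " + s);
        long value = 0;
        for (String p : parts) {
            if (!p.matches("\\d{1,3}") || Integer.parseInt(p) > 255)
                throw new IllegalArgumentException("bad octet in: " + s);
            value = (value << 8) | Integer.parseInt(p);
        }
        return value;
    }

    // A usable netmask is a run of one bits followed only by zero bits.
    static boolean isContiguousMask(long mask) {
        long inverted = ~mask & 0xFFFFFFFFL;
        return mask != 0 && (inverted & (inverted + 1)) == 0;
    }

    // Build the argument vector; every element reaches netsh as one argument.
    static List<String> buildCommand(String ifName, String address, String mask) {
        // Allow-list for the interface name (an assumption; widen it if your names differ).
        if (!ifName.matches("[A-Za-z0-9 _-]{1,64}"))
            throw new IllegalArgumentException("unexpected interface name: " + ifName);
        parseIpv4(address);
        if (!isContiguousMask(parseIpv4(mask)))
            throw new IllegalArgumentException("non-contiguous netmask: " + mask);
        return List.of("netsh", "interface", "ip", "set", "address",
                       ifName, "static", address, mask);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values, not taken from the thread.
        List<String> argv = buildCommand("Local Area Connection", "192.0.2.10", "255.255.255.0");
        System.out.println("would run: " + argv);

        boolean windows = System.getProperty("os.name").toLowerCase().contains("win");
        if (windows && args.length > 0 && args[0].equals("--apply")) {
            int rc = new ProcessBuilder(argv).inheritIO().start().waitFor();
            System.out.println("netsh exit code: " + rc);
        }

        // Input that tries to append a second command is rejected before any process starts.
        try {
            buildCommand("Local Area Connection", "192.0.2.10 & calc", "255.255.255.0");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```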

  • Redundant Interfaces with Management0/0 on ASA5510

    Readers,
    Is it possible to configure redundant interfaces on the Management port?
    Thanks,
    Timothy

    Timothy
    Normal ASA boxes just have a single management interface.. I really don't feel the need for redundancy here.. If you need one, you can get a failover ASA box, and build up redundancy..
    In any case, you have other interfaces like inside, through which you can enable management, like telnet, http etc, if required.. or any other DMZ interface (say network management DMZ)... it's all flexible.. with all these, I really don't see any need for a redundant management port...
    Hope this helps.. all the best..
    Raj

  • ASA Redundant interfaces with stack switches

    Hi All,
    We have two ASA 5510 connected in failover, and a pair of Cisco 2960s switches connected in a stack.
    Currently one interface of the primary ASA is terminated on switch1 and an interface from the standby is connected to switch2 as Inside, and switch1 and switch2 are in a stack.
    For redundancy purposes I want to use multiple interfaces of the ASA for inside, so first I thought to use etherchannel, but it has a limitation that it cannot be terminated on a stack switch (as per the Cisco document http://www.cisco.com/en/US/docs/security/asa/asa91/configuration/general/interface_start.html ).
    So my question is :
    1. can we use redundant interface feature where  2 physical interfaces combined to a redundant interface (eg interface redundant 1) for inside redundancy purpose.
    2. Can these ports from primary/standby ASA terminated on stack switches (2960s), will this work (if the switch with active port goes down, will the other port take over in the redundant interface with the other switch).
    I have attached the nw diagram,
    Regards,
    Ashraf

    Hello Ashraf,
    1. can we use redundant interface feature where  2 physical interfaces combined to a redundant interface (eg interface redundant 1) for inside redundancy purpose.
    Sure, you can. That's the whole purpose of the feature.
    2. Can these ports from primary/standby ASA terminated on stack switches (2960s), will this work (if the switch with active port goes down, will the other port take over in the redundant interface with the other switch).
    It would make sense if that happens, as the status of the interface will be in a different state than up/up, so failover to the other interface will be triggered.
    Regards,
    Julio

  • ASA Redundant Interfaces

    Hi everybody,
    and thanks for a great forum!
    I have one ASA and two switches. I would like the ASA set up with a redundant interface consisting of one physical interface in each switch (vlan trunked across the two switches). Now... Is it possible to set a preferred active physical interface in this redundant interface bundle? Is there a way to make sure the same interface is always active (when both interfaces are working as intended), even after a reboot?
    More specifically, I need this so I can decide where to establish my STP root, and always have the most optimal path (again, of course, unless one interface fails).
    Cheers

    Hi,
    I see that you want to configure a redundant interface on the ASA and also need to ensure that the same interface always remains active. Now, the interface which you define first using the 'member-interface' command while configuring the redundant interface will be the active one by default. If you already have it configured and you want to change the active interface, you can use the following command:
    To change the active interface, enter the following command:
    hostname# redundant-interface redundantnumber active-member physical_interface
    Now, if active interface goes down, second one will take over as expected.
    Check this link for more info:
    http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/intrface.html#wp1045838
    Hope this answers your question.
    Sourav

  • Cisco ASA Redundant interface

    Hello,
    We are looking at upgrading an aging firewall with a Cisco ASA.  I have used the ASA before. 
    We would like to use the ASA in a colocation facility that will have a few site to site vpns.  The ASA MUST be able to have redundant interfaces to our switches.  Reading through ASA documentation this is possible.  (http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/intrface.html#wp1045838) Can the ASA have redundant links to the same vlans?  Will any of our configuration for VPN's, etc have to be setup twice?
    Thanks

    There are four types of redundancy that one can use on ASAs. The first one you cited, redundant interfaces on a single physical device is the least common in my experience.
    The second is failover - when the ASA is mated with a failover ASA in a high availability configuration. This is the most common usage for customers requiring high availability (HA). That is the most common implementation and has been around since ASA 7.0 software (i.e. a good many years).
    The third is to bond your interfaces from a given ASA (or sets of interfaces if you have an HA pair) into an Etherchannel. This has the added advantage of giving you potentially higher throughput. Etherchannel support was introduced in ASA software version 8.4(1).
    The fourth and newest method is clustering. It was introduced just last fall in ASA 9.0 and is not very widely adopted just yet. It is primarily for high throughput requirements exceeding a single device's capacity but also gives the added benefit of redundancy.
    None of them require you setup things twice configuration-wise. Some file operations (software upgrade, certificate management, VPN profiles (XML files)) need to be copied onto both members in a failover pair or all members in a cluster scenario.
    Edit - there is a fifth type specific to VPNs whereby one can configure a secondary VPN gateway for clients, usually at an alternate site. That approach does require setting up everything separately on the ASAs.
